Auditing and the cloud: blue skies ahead?

Auditing and the cloud: blue skies ahead?

Increasingly, organisations using the cloud and migrating huge amounts of data to the cloud has become one of the features of the digital age. The cloud represents a new paradigm for computing – reducing storage and running costs for companies, increases flexibility, providing the capability of adjusting (also known as ‘spinning’) capacity up and down, and increasing functionality and processing power. While some organisations that we audit may prefer to keep their data in on-premise servers, there is no doubt that the move to the cloud continues to grow. But what of auditing? Will the cloud help auditors do their job more easily or better?


Also on

Auditing and the cloud

The answer is – a qualified yes. While the cloud does not in itself necessarily hold the prospect of changing how we audit, it could nevertheless make auditing more centralised, easier to access across geographies and more efficient. For example, with a multi-national that operates in the cloud, whether a transaction is made in the US or in India, it will be recorded centrally in the cloud (and updated/replicated across geographic-specific systems).

As the audit becomes increasingly digital, auditors are going to collect more digital data for advance analytics. This data is going to be available 24/7 in the cloud and auditors across borders will be able to interact far more seamlessly. The cloud might therefore aid auditors in extracting data that may be harder to locate within ERP and other physical systems. Information can also be archived more accessibly. Data held in the cloud is searchable too – offering the prospect, in the future, of an auditor using a voice activated digital assistant: “Look up the invoices from 2017 between companies A and B and find this specific item.”

Access to data may become more mobile through the cloud too, enabling auditors to work more effectively remotely. With the centric nature of the cloud structure using access controls like facial recognition technology and various encryption techniques, it allows data to be more secure compared to physical archives where unauthorised people might gain access.

An example of how the cloud can facilitate the audit, in conjunction with other emerging technology, could be where a company has data stored on the public cloud, which has almost infinite capacity. An auditor can potentially review every document or every invoice stored there by engaging 100 software bots with one command: “Go and audit all the invoices and come back to me by tomorrow morning.” What would be a long and arduous process for human beings can become simple and quick with technology.

KPMG Clara is enabled to be hosted on a private cloud network within Microsoft Azure’s public cloud which provides additional layers of authentication around it and offers a completely secure environment. Offering KPMG scalability of advanced data & analytics (D&A) processing and the ability to add as much capacity as needed, for example during times of peak activity, the Microsoft platform provides a blueprint for hosting the audit of the future.

An increase in audit quality?

As we have seen, the cloud could make the retrieval of data needed for the audit faster and easier, expanding the search functionality and enhancing the precision of auditor inquiries.

In combination with other new technologies such as robotic process automation (RPA), the use of the cloud could also facilitate the analysis of 100 percent of datasets.

The cloud in combination with other technologies is therefore itself a driver of better audit quality.

What is the cloud?

Cloud computing is the delivery of computing services and storage capabilities through the internet (‘the cloud’). Cloud providers like Microsoft offer computing storage and services that they host themselves — meaning companies do not necessarily have to manage and invest in their own on-premise servers. Because it is virtual, the cloud offers far greater capacity, speed and configurability than traditional physical servers. There are three main types of cloud: public, private and hybrid. Public cloud is owned and run by the cloud provider, with users ‘renting’ storage and capacity in a shared facility. Private cloud is used exclusively by one organisation, with the cloud either being located on the company’s on-site data centre or hosted by a third-party provider. A hybrid cloud is a combination of the two.

There are three main types of cloud service:

  • Infrastructure as a Service (IaaS) — the most basic category; involves renting IT infrastructure
  • Platform as a Service (PaaS) — supplies an on-demand environment for the developing, testing, delivering and managing of software applications
  • Software as a Service (SaaS) — a method for delivering software applications over the internet, on demand and typically on a subscription basis.

KPMG Australia acknowledges the Traditional Custodians of the land on which we operate, live and gather as employees, and recognise their continuing connection to land, water and community. We pay respect to Elders past, present and emerging.

©2022 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.

Liability limited by a scheme approved under Professional Standards Legislation.

For more detail about the structure of the KPMG global organisation please visit

Connect with us


Want to do business with KPMG?


loading image Request for proposal

Save, Curate and Share

Save what resonates, curate a library of information, and share content with your network of contacts.

Sign up today